未经授权的访问 IT安全团队用的物理渗透测试 Unauthorised Access 英文原版 安全与加密
¥ 350 8.1折 ¥ 434 九五品
仅1件
广东广州
认证卖家担保交易快速发货售后保障
作者Wil Allsopp
出版社Wiley
ISBN9780470747612
出版时间2009-09
印刷时间2009-09
印数1千册
装帧平装
开本18开
纸张轻型纸
页数320页
字数1千字
定价434元
上书时间2024-11-23
- 最新上架
商品详情
- 品相描述:九五品
- 商品描述
-
基本信息
Format:Paperback / softback 320 pages
Publisher:John Wiley & Sons Inc
Imprint:John Wiley & Sons Inc
ISBN:9780470747612
Published:7 Aug 2009
Weight:616g
Dimensions:232 x 188 x 19 (mm)
页面参数仅供参考,具体以实物为准
书籍简介
规划和执行计算机安全的物理渗透测试的一份指南
大多数IT安全团队专注于保持网络和系统的安全,防止来自外部的攻击--但如果你的攻击者是在内部呢?虽然几乎所有的IT团队都在执行各种网络和应用程序的渗透测试程序,但对物理位置的审计和测试却没有那么普遍。现在,IT团队越来越多地要求进行物理渗透测试,但在培训方面却很少有机会。测试的目的是为了证明有关物理安全的操作程序的任何缺陷。
本书由世界知名黑客Kevin D. Mitnick和《入侵的艺术》及《欺骗的艺术》的主要作者撰写前言,是一本规划和执行物理渗透测试的指南。在书中,IT安全专家Wil Allsopp指导你完成从收集情报、进入内部、应对威胁、保持隐蔽(通常是在众目睽睽之下)以及进入网络和数据的整个过程。
●教会IT安全团队如何闯入自己的设施,以抵御此类攻击,这一点常常被IT安全团队忽视,但却具有至关重要的意义
●涉及情报收集,如获取建筑蓝图和卫星图像、黑进安全摄像机、安装窃听和安全频道等
●包括对受雇探测设施而不为工作人员所知的顾问的保障措施
●涵盖准备报告和向管理层提交报告的内容
为了保护数据,你需要像小偷一样思考--让《未经授权的访问》告诉你如何进入内部。
The first guide to planning and performing a physical penetration test on your computer's security
Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.
Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.
Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance
Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels
Includes safeguards for consultants paid to probe facilities unbeknown to staff
Covers preparing the report and presenting it to management
In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.
作者简介
Wil Allsopp(荷兰)是一名IT安全专家,曾为英国一些大公司提供安全审计,包括银行、政府和大多数财富100强公司。他的工作要求他部分是黑客,部分是小偷,因为公司雇用他来探测他们的安全措施到好。
Wil Allsopp (Netherlands) is an IT security expert who has provided security audits for some of the largest companies in the UK including top tier banking, government and most of the Fortune 100. His job requires him to be part hacker, and part thief as companies hire him to probe their security measures to the extreme.
目录
部分目录,仅供参考
Preface xi
Acknowledgements xv
Foreword xvii
1 The Basics of Physical Penetration Testing 1
What Do Penetration Testers Do? 2
Security Testing in the Real World 2
Legal and Procedural Issues 4
Know the Enemy 8
Engaging a Penetration Testing Team 9
Summary 10
2 Planning Your Physical Penetration Tests 11
Building the Operating Team 12
Project Planning and Workflow 15
Codes, Call Signs and Communication 26
Summary 28
3 Executing Tests 29
Common Paradigms for Conducting Tests 30
Conducting Site Exploration 31
Example Tactical Approaches 34
Mechanisms of Physical Security 36
Summary 50
4 An Introduction to Social Engineering Techniques 51
Introduction to Guerilla Psychology 53
Tactical Approaches to Social Engineering 61
Summary 66
5 Lock Picking 67
Lock Picking as a Hobby 68
Introduction to Lock Picking 72
Advanced Techniques 80
Attacking Other Mechanisms 82
Summary 86
6 Information Gathering 89
Dumpster Diving 90
Shoulder Surfing 99
Collecting Photographic Intelligence 102
Finding Information From Public Sources and the Internet 107
Electronic Surveillance 115
Covert Surveillance 117
Summary 119
7 Hacking Wireless Equipment 121
Wireless Networking Concepts 122
Introduction to Wireless Cryptography 125
Cracking Encryption 131
Attacking a Wireless Client 144
Mounting a Bluetooth Attack 150
Summary 153
8 Gathering the Right Equipment 155
The ‘‘Get of Jail Free’’ Card 155
Photography and Surveillance Equipment 157
Computer Equipment 159
Wireless Equipment 160
Global Positioning Systems 165
Lock Picking Tools 167
Forensics Equipment 169
Communications Equipment 170
Scanners 171
Summary 175
9 Tales from the Front Line 177
SCADA Raiders 177
Night Vision 187
Unauthorized Access 197
Summary 204
10 Introducing Security Policy Concepts 207
Physical Security 208
Protectively Marked or Classified GDI Material 213
Protective Markings in the Corporate World 216
— 没有更多了 —
以下为对购买帮助不大的评价